An anonymous threat actor has recently posted what they claim to be 270GB of source code stolen from the New York Times. The alleged leak was first spotted by security researchers at vx-underground. The researchers believe the actor targeted the New York Times’ GitHub account.
In a new update, Auction house Christie’s informed authorities that the data breach caused by a recent ransomware attack impacted the information of roughly 45,000 individuals. The intrusion was discovered on May 9. An investigation showed that the attackers managed to steal some files containing personal information. The notification letter sample submitted by Christie’s to the Maine AG does not specify what type of data was compromised besides names, driver’s license numbers, and non-driver identification card numbers.
Cleveland City Hall recently announced a temporary closure after a significant "cyber incident" that impacted the city's systems. The city has been forced to shut down most internal systems to prevent further damage and investigate a significant cybersecurity breach. The extent of the damage is not yet known. City staff were told on Sunday night that they could not access most internal systems in the morning, with only essential and emergency services being maintained.
A new vulnerability has been discovered in EmailGPT, a Google Chrome extension and Application Programming Interface (API) service that uses OpenAI's GPT models to help Gmail users write emails. According to the Synopsys Cybersecurity Research Center (CyRC), the flaw allows attackers to control the Artificial Intelligence (AI) service by entering harmful prompts. The system may reveal sensitive information or execute unauthorized commands due to these malicious prompts. The issue can be exploited by anyone with EmailGPT access, raising concerns about widespread abuse.
Bo Chen and Niusen Chen won Michigan Technological University's 2024 Bhakta Rath Research Award for their work to ensure information on today's mobile devices can be stored securely and deleted permanently. They were the first to develop the capability for Plausibly Deniable Encryption (PDE) for computing devices. They also addressed sensitive data remnants in flash storage that can resist normal secure deletion techniques. This article continues to discuss the duo's cybersecurity work that won Michigan Technological University's 2024 Bhakta Rath Research Award.
Attackers are wiping GitHub repositories' contents and asking victims to contact them on Telegram. CronUp security researcher German Fernandez discovered the malicious campaign. The threat actor behind it, with the Gitloker handle on Telegram, poses as a cyber incident analyst. They are likely using stolen credentials to compromise targets' GitHub accounts. This article continues to discuss the new Gitloker attacks wiping GitHub repositories in an extortion scheme.
In a campaign called "Commando Cat," cybercriminals use misconfigured Docker containers to conduct cryptojacking. The campaign emerged earlier this year. Trend Micro's latest update regarding the campaign shows that unknown attackers are still using Docker misconfigurations to gain unauthorized access to containerized environments. They use Docker images to launch cryptocurrency miners. This article continues to discuss findings regarding the Commando Cat campaign.
Veeam found that ransomware victims permanently lose an average of 43 percent of the data impacted by an attack. The "Veeam Ransomware Trends Report 2024," based on a survey of 1,200 CISOs, security professionals, and backup administrators who experienced a ransomware attack in 2023, discovered that many organizations are unprepared to recover despite most having incident response plans and policies. This article continues to discuss key findings from Veeam regarding ransomware trends.
Hornetsecurity reports that 26 percent of organizations do not train end users on Information Technology (IT) security. The Hornetsecurity survey of industry professionals worldwide found that 8 percent of organizations offer adaptive training based on security tests. Every company's cybersecurity strategy relies on people. Phishing, which exploits trust, is the most common cyberattack. Employees must have the skills, knowledge, and confidence to spot malicious behavior. However, Hornetsecurity's survey found a training gap and ineffective training initiatives.